blacknet | a25f5a796b86f95ab6e7cfb0ad7f8bef109748ff4667477697dea597180d1d7a

Analysis

max time kernel
13s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 07:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d745d5bb38d4bd8f13ff66551772efe.exe
Size

1.1MB
MD5

2d745d5bb38d4bd8f13ff66551772efe
SHA1

6ccbd6fac2c228173b80caddaed057af5cc22d8d
SHA256

a25f5a796b86f95ab6e7cfb0ad7f8bef109748ff4667477697dea597180d1d7a
SHA512

70e736171ad1d5aee0d68b247fbe0afd415bc630399e4555a91dd43792794cd723912962a2a20f900a85bdd58040c20210c74e8f1b4456538003d18df7cae146
SSDEEP

24576:CcHSyExY6ViWhAkezLjJ9I9WSRJSBAIwDsJsT9dJdKspBBjgb:Coeb7ez7I9WdB5wDwsThdKspBBjg

Score

10^/10

blacknet hello trojan

Malware Config

Extracted

Family

blacknet

Version

v3.6.0 Public

Botnet

Hello

http://141.95.21.84

Mutex

BN[lEBYtSLH-5805348]

Attributes

antivm
false
elevate_uac
false
install_name
WindowsUpdate.exe
splitter
|BN|
start_name
68b4a4f47850fb62cd2157162048241c
startup
true
usb_spread
false

Signatures

BlackNET
BlackNET is an open source remote access tool written in VB.NET.
trojan blacknet

BlackNET payload 5 IoCs

resource	yara_rule
behavioral2/memory/1616-57-0x00000000000E0000-0x000000000046C000-memory.dmp	family_blacknet
behavioral2/memory/4952-60-0x00000000000E0000-0x000000000046C000-memory.dmp	family_blacknet
behavioral2/memory/4952-3367-0x00000000000E0000-0x000000000046C000-memory.dmp	family_blacknet
behavioral2/memory/5980-14156-0x00000000000E0000-0x000000000046C000-memory.dmp	family_blacknet
behavioral2/memory/3164-24104-0x00000000000E0000-0x000000000046C000-memory.dmp	family_blacknet

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1616	2d745d5bb38d4bd8f13ff66551772efe.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe
1616	2d745d5bb38d4bd8f13ff66551772efe.exe

C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe
"C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1616
- C:\Users\Admin\AppData\Local\Temp\Microsoft\MyClient\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\Microsoft\MyClient\WindowsUpdate.exe"
  2⤵
  PID:1216
- C:\Users\Admin\AppData\Local\Temp\svchosts.exe
  "C:\Users\Admin\AppData\Local\Temp\svchosts.exe"
  2⤵
  PID:756
- - C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe
    "C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe"
    3⤵
    PID:4952
- - C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe
    "C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe"
    3⤵
    PID:5980
- - C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe
    "C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe"
    3⤵
    PID:3164
- - C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe
    "C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe"
    3⤵
    PID:1448
- - C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe
    "C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe"
    3⤵
    PID:4004
- - C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe
    "C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe"
    3⤵
    PID:5340
- - C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe
    "C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe"
    3⤵
    PID:3504
- - C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe
    "C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe"
    3⤵
    PID:5796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\2d745d5bb38d4bd8f13ff66551772efe.exe.log

Filesize
866B

MD5
d6783169484bfb4dad8ef28bd20a1697

SHA1
857c968772c578f9badd8efda3e22c3f41346fa3

SHA256
b7dcdb8c751d4a29c09c77ecb5b5d1e7a61577ac62439e7ee760637385891b5a

SHA512
0368f8095bfa2c83e217a3486f6dfd667b174fbad10d0c21ff001e3e990d865286c82eab4ea7e3b39ae2a7574258293dbce5aa0c20f2016cb8bfe51348d16501

Download Submit
C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe

Filesize
18KB

MD5
8ac4fb3023480c47ab85a4e46f1f7d9c

SHA1
4f9cd3100fae62c22bd6b4d50169b21885193f2a

SHA256
a5c8dbbbdf56e468de8dbe78d6304040e84f439cd36a7971eedeb882c87637a7

SHA512
e85a1658fdaebbfb4fe997fe5f293c6a534ce8f7c92761263e855f74a427f5e8a8217c58fdd2125a36893a86e8b327907bb158510407fdeb49fac1fdb9fe7eb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe

Filesize
14KB

MD5
2417db3882a4175b59d884ec4467ff98

SHA1
479ed01e1d0e13e9810a7015e78068065ae41b4f

SHA256
5d9a6b5064ae8d75d2500c59ce95612ddf6e3eaaf51aa44b9531aadde3ece016

SHA512
6d1c3e10912531ad102b6a08781ec7c09497f72dcee8bb06847cbf7aa84719daaf0f76bcaa18a3dad4e974f08eb052fd7d55b40fdf7172d124416df321255509

Download Submit
C:\Users\Admin\AppData\Local\Temp\2d745d5bb38d4bd8f13ff66551772efe.exe

Filesize
51KB

MD5
40757a9399609d8a6619232880b3a734

SHA1
bccac6cb220c5eb8fc3942599c42d783b7ff35a0

SHA256
c33d28c460f97d6558427b8088fcd77b09597628c397b23141c811cb08ae0c9f

SHA512
437b47361a851aeeba42752342e0dcd466c8ce6abbbff4bd4114f08b13c3b021bbf78662d86e6007beb67bf23f6c789724dda8cbed4b64b994b857e278098969

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft\MyClient\WindowsUpdate.exe

Filesize
308KB

MD5
72f9c3d353ecccc78f0241276feab592

SHA1
2e1be2be2d29c991364be9532eec612901e00261

SHA256
6f026cb1c160b0f9f4b2dfc0c8b08ca51860ba2e0ffaeba6719edcefe20e83a3

SHA512
63db6ab62c27d14e7e822400264423e4ad44b1ea84fad12c65e47a9eaab6d4ff922253842507ee9a8fd82fcdb2af53818b2530f10d70a16e8458064342c049bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft\MyClient\WindowsUpdate.exe

Filesize
67KB

MD5
06bee41dc05203f73d46a0d027f4b0a4

SHA1
da7659412460d2b43602efffc756773a1a8885cd

SHA256
c3e6f1898fc83f76dcf920bbdc0d402ded42345b001a07dfba9eaa3975d7402a

SHA512
f44287c2a0476dd7fdd8edbdb26fe3ed2d4087a147946e6514665c1d433777863bec506eddbb88d82ebc260369a305a0cecb61b1775ff75acd6c626564546727

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft\MyClient\WindowsUpdate.exe

Filesize
70KB

MD5
42237ac8f352b00eeaf7832d17a510b5

SHA1
42b4991cb33db7d6daef1a6c7aaee0b5b8bc0091

SHA256
89cbd4ff06383f9602981da022e18b3adfcb2d99b6b61652b24893b87726278b

SHA512
e1ec1fdb91edfa08e461525e9b1cb2f1c5f5ba30926a91d9e02bceeedafdde2e9085bb9b2d42c6591099258169dda0eba1fc5f0f849f3e384b53ddd1de8f9049

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchosts.exe

Filesize
17KB

MD5
89dd6e72358a669b7d6e2348307a7af7

SHA1
0db348f3c6114a45d71f4d218e0e088b71c7bb0a

SHA256
ad34794058212006ae974fcc6a0242598e6d020f08044439e3512773cd402b7e

SHA512
93b8a47686d7491281a0809b138a6244a535302ba0d6b2146849e9888632c72b6223ae8eb7a24f1006aaf57ab947a8f43719cff4837df559e7bf42f52c63856b

Download Submit
memory/756-46-0x000000001C0A0000-0x000000001C13C000-memory.dmp

Filesize
624KB

Download
memory/756-44-0x000000001BAE0000-0x000000001BFAE000-memory.dmp

Filesize
4.8MB

Download
memory/756-68-0x00007FF8B5FB0000-0x00007FF8B6951000-memory.dmp

Filesize
9.6MB

Download
memory/756-43-0x00007FF8B5FB0000-0x00007FF8B6951000-memory.dmp

Filesize
9.6MB

Download
memory/756-69-0x00007FF8B5FB0000-0x00007FF8B6951000-memory.dmp

Filesize
9.6MB

Download
memory/756-50-0x000000001B4D0000-0x000000001B4D8000-memory.dmp

Filesize
32KB

Download
memory/756-52-0x000000001C200000-0x000000001C24C000-memory.dmp

Filesize
304KB

Download
memory/756-42-0x000000001B560000-0x000000001B606000-memory.dmp

Filesize
664KB

Download
memory/756-45-0x0000000000FC0000-0x0000000000FD0000-memory.dmp

Filesize
64KB

Download
memory/756-47-0x00007FF8B5FB0000-0x00007FF8B6951000-memory.dmp

Filesize
9.6MB

Download
memory/1216-71-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/1216-74-0x0000000003780000-0x0000000003790000-memory.dmp

Filesize
64KB

Download
memory/1216-73-0x0000000003780000-0x0000000003790000-memory.dmp

Filesize
64KB

Download
memory/1216-51-0x0000000003780000-0x0000000003790000-memory.dmp

Filesize
64KB

Download
memory/1216-72-0x0000000003780000-0x0000000003790000-memory.dmp

Filesize
64KB

Download
memory/1216-67-0x00000000006A0000-0x0000000000A2C000-memory.dmp

Filesize
3.5MB

Download
memory/1216-26-0x00000000006A0000-0x0000000000A2C000-memory.dmp

Filesize
3.5MB

Download
memory/1216-48-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/1448-27162-0x0000000003540000-0x0000000003550000-memory.dmp

Filesize
64KB

Download
memory/1448-27016-0x00000000000E0000-0x000000000046C000-memory.dmp

Filesize
3.5MB

Download
memory/1448-27159-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/1616-0-0x00000000000E0000-0x000000000046C000-memory.dmp

Filesize
3.5MB

Download
memory/1616-54-0x00000000026E0000-0x00000000026F0000-memory.dmp

Filesize
64KB

Download
memory/1616-5-0x00000000026E0000-0x00000000026F0000-memory.dmp

Filesize
64KB

Download
memory/1616-8-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/1616-25-0x00000000026E0000-0x00000000026F0000-memory.dmp

Filesize
64KB

Download
memory/1616-58-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/1616-57-0x00000000000E0000-0x000000000046C000-memory.dmp

Filesize
3.5MB

Download
memory/1616-4-0x00000000026E0000-0x00000000026F0000-memory.dmp

Filesize
64KB

Download
memory/1616-55-0x00000000026E0000-0x00000000026F0000-memory.dmp

Filesize
64KB

Download
memory/1616-2-0x00000000026E0000-0x00000000026F0000-memory.dmp

Filesize
64KB

Download
memory/1616-1-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/1616-7-0x00000000000E0000-0x000000000046C000-memory.dmp

Filesize
3.5MB

Download
memory/1616-53-0x00000000026E0000-0x00000000026F0000-memory.dmp

Filesize
64KB

Download
memory/1616-41-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/1616-3-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/3164-24181-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/3164-24104-0x00000000000E0000-0x000000000046C000-memory.dmp

Filesize
3.5MB

Download
memory/3164-18350-0x00000000034A0000-0x00000000034B0000-memory.dmp

Filesize
64KB

Download
memory/3164-17954-0x00000000034A0000-0x00000000034B0000-memory.dmp

Filesize
64KB

Download
memory/3164-18074-0x00000000034A0000-0x00000000034B0000-memory.dmp

Filesize
64KB

Download
memory/3164-17585-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/3164-17769-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/3164-17642-0x00000000034A0000-0x00000000034B0000-memory.dmp

Filesize
64KB

Download
memory/3164-17190-0x00000000000E0000-0x000000000046C000-memory.dmp

Filesize
3.5MB

Download
memory/4952-65-0x0000000003760000-0x0000000003770000-memory.dmp

Filesize
64KB

Download
memory/4952-3472-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/4952-60-0x00000000000E0000-0x000000000046C000-memory.dmp

Filesize
3.5MB

Download
memory/4952-63-0x0000000003760000-0x0000000003770000-memory.dmp

Filesize
64KB

Download
memory/4952-64-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/4952-62-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/4952-66-0x0000000003760000-0x0000000003770000-memory.dmp

Filesize
64KB

Download
memory/4952-70-0x0000000003760000-0x0000000003770000-memory.dmp

Filesize
64KB

Download
memory/4952-3367-0x00000000000E0000-0x000000000046C000-memory.dmp

Filesize
3.5MB

Download
memory/5980-6502-0x0000000003020000-0x0000000003030000-memory.dmp

Filesize
64KB

Download
memory/5980-5981-0x00000000000E0000-0x000000000046C000-memory.dmp

Filesize
3.5MB

Download
memory/5980-6084-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/5980-6215-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/5980-6211-0x0000000003020000-0x0000000003030000-memory.dmp

Filesize
64KB

Download
memory/5980-6397-0x0000000003020000-0x0000000003030000-memory.dmp

Filesize
64KB

Download
memory/5980-6645-0x0000000003020000-0x0000000003030000-memory.dmp

Filesize
64KB

Download
memory/5980-6780-0x0000000003020000-0x0000000003030000-memory.dmp

Filesize
64KB

Download
memory/5980-14201-0x0000000074170000-0x0000000074721000-memory.dmp

Filesize
5.7MB

Download
memory/5980-14156-0x00000000000E0000-0x000000000046C000-memory.dmp

Filesize
3.5MB

Download